Linux centos VMware Nginx防盗链Nginx访问控制Nginx解析php相关配置Nginx代理

Posted 2020-11-17 Stripling悟

一、Nginx防盗链

配置如下，可以和上面的配置结合起来

 

location ~* ^.+\\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$

{

   expires 7d;

valid_referers none blocked server_names *.test.com ;                    

if ($invalid_referer)

{

return 403;

}

access_log off;

}

重加载

 

二、Nginx访问控制

 

需求：访问/admin/目录的请求，只允许某几个IP访问，配置如下：

vim /usr/local/nginx/conf/vhost/aaa.com.conf

location /admin/

{

allow 192.168.1.1101;

allow 127.0.0.1;

deny all;

}

 

 

重加载

 

 测试

 

 

 

 

mkdir /data/wwwroot/test.com/davery/

echo “test,test”>/data/wwwroot/test.com/davery/1.html

 

-t && -s reload

curl -x127.0.0.1:80 test.com/davery/1.html -I

curl -x192.168.1.101:80 test.com/davery/1.html -I

 

 

可以匹配正则

location ~ .*(abc|image)/.*\\.php$

{

deny all;

}

 

根据user_agent限制

if ($http_user_agent ~ \'Spider/3.0|YoudaoBot|Tomato\')

{

return 403;

}

deny all和return 403效果一样

 

三、Nginx解析php相关配置

配置如下：

vim /usr/local/nginx/conf/vhost/aaa.com.conf

location ~ \\.php$

{

include fastcgi_params;

fastcgi_pass unix:/tmp/php-fcgi.sock;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;

}

fastcgi_pass 用来指定php-fpm监听的地址或者socket

 

[root@davery ~]# vi /data/wwwroot/test.com/3,php

 

四、Nginx代理

 

cd /usr/local/nginx/conf/vhost

vim proxy.conf //加入如下内容

server

{

listen 80;

server_name ask.apelearn.com;

location /

{

proxy_pass http://121.201.9.155/;

proxy_set_header Host $host;        这里的$host即上边的server_name

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

}

重加载

访问主域名就会出现如下